View Full Version : New Malware.j virus problem
Mcfee keeps telling me the c:\windows\smss.exe has New Malware.j virus, but mcfee can only move it instead of deleting. However, when I was in safemode and trying to delete this infected file, I didn't find the 'smss.exe' under c:\windows, but later mcfee still keep telling that this file is infected.
Please help me to remove this virus, thanks a lot!!
spybot has just been conducted and those 'red' detected are fixed.
here's the hijack
Logfile of HijackThis v1.99.1
Scan saved at 14:34:40, on 2006-06-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\ibmpmsvc.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\System32\svchost.exe
C:\Program Files\University of Arizona Software\U of A VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\System32\QCONSVC.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\windows\System32\alg.exe
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\tp4serv.exe
C:\windows\AGRSMMSG.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\windows\system32\regedit.com
C:\windows\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\conime.exe
C:\windows\exerouter.exe
C:\windows\exerouter.exe
C:\windows\exerouter.exe
C:\windows\exerouter.exe
D:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe
F2 - REG:system.ini: Shell=explorer.exe 1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll (file missing)
O2 - BHO: Zhongsou Browser Helper - {2A0176FE-008B-4706-90F5-BBA532A49731} - C:\Program Files\SearchNet\SNHpr.dll (file missing)
O2 - BHO: IE Browser Helper - {3CE496D1-1746-41CD-9489-3C0B93DF10E2} - C:\windows\Downlo~1\IEHpr.dll (file missing)
O2 - BHO: (no name) - {3D898C55-74CC-4B7C-B5F1-45913F368388} - C:\WINDOWS\system32\IE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [S3TRAY2] ; S3Tray2.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TPHOTKEY] ; C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] ; C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [TPKMAPHELPER] ; C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TP4EX] ; tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] ; C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ibmmessages] ; C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] ; C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] ; C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] ; "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] ; C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IESAddr] ; RunDll32 "C:\windows\Downlo~1\Gladiator.dll",Boot
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] ; rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iTunesHelper] ; "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ToP] ; C:\windows\LSASS.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TProgram] C:\windows\smss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [TPKMAPMN] ; C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKCU\..\Run: [MSCalsClocks] D:\Program Files\Microsoft Chinese Date & Time\ICalClk.exe
O4 - HKCU\..\Run: [Skype] ; "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: University of Arizona VPN Client.lnk = C:\Program Files\University of Arizona Software\U of A VPN Client\vpngui.exe
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/support/plugins/ebraryRdr.cab
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k00719/sb02a.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = telcom.arizona.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = telcom.arizona.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = telcom.arizona.edu
O18 - Protocol: bw+0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {0B70351B-BD93-40ED-9D74-AFED220F0A08} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Sophos Cache Manager (CacheMgr) - SOPHOS Plc - C:\Program Files\Sophos\Remote Update\cachemgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\University of Arizona Software\U of A VPN Client\cvpnd.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\windows\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: QCONSVC - IBM Corp. - C:\windows\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - F:\pROGRAM\VNC4\WinVNC4.exe" -service (file missing)
the other virus detected Mcfee is 'EXP10RER.com', also reported to be under c:\windows, but I still can't find it under that folder
LonnyRJones
2006-06-19, 06:47
Welcome
Create a hijackthis uninstall list
Start HiJackThis
Press 'Config'
Press 'Misc Tools'
Press 'Open Uninstall Manager'
Press 'Save List'
Save the log to a convenient location
Copy the log and post its contents in this thread
Access IBM
Access IBM Cleanup Utility
Access IBM Message Center
Access IBM Tools
ACDSee 7.0 PowerPack
Adobe Reader 7.0.8 - Chinese Simplified
Adobe Reader Chinese Traditional Fonts
Agere Systems AC'97 Modem
ATI Control Panel
ATI Display Driver
ATI HYDRAVISION
BioEdit
Citi Virtual Account Numbers
Default
DnaSP 4.0
eREAD
FlashGet(JetCar)
GeneTree
Google Talk (remove only)
Google Toolbar for Internet Explorer
Hijackthis 1.99.1
HijackThis 1.99.1
IBM 32-bit SDK for Java 2, v1.4.1
IBM Access Connections
IBM Themes
IBM ThinkPad Battery MaxiMiser and Power Management Features
IBM ThinkPad Configuration
IBM ThinkPad EasyEject Utility
IBM ThinkPad Keyboard Customizer Utility
IBM ThinkPad Power Management Driver
IBM ThinkPad Presentation Director
IBM TrackPoint Accessibility Features
IBM TrackPoint Support
Intel(R) PRO Network Adapters and Drivers
Intel(R) Sebring API
iTunes
J2SE Runtime Environment 5.0 Update 6
Java Runtime Environment 1.1
Java Web Start
K-Lite Codec Pack 2.72 Basic
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Logitech Desktop Messenger
Logitech IM Video Companion
Logitech ImageStudio
Macromedia Flash Player 8
McAfee Anti-Spyware Enterprise Module
McAfee VirusScan Enterprise
Microsoft Chinese Date & Time
Microsoft GB18030 Support Package
Microsoft Office Professional Edition 2003
MotoKit 1.06
Motorola Handset USB Driver
Mozilla Firefox (1.0.7)
Norton WMI Update
PowerQuest PartitionMagic Pro 7.0 (Build 283) for NT/2000/XP
Powerword 2005
PrimoPDF
QuickTime
R for Windows 2.2.0
San Fermín
Sequencher 4.6 Demo
SmartMoto
Spybot - Search & Destroy 1.4
SSH Secure Shell
ThinkPad FullScreen Magnifier
ThinkPad Software Installer
Tom - Skype 2.5
Tucson Electronic Timetable
VNC Free Edition 4.1.1
VobSub 2.23
VobSub v2.23 (Remove Only)
VoipStunt
VPN Client
WaveCN
Windows Driver Package - MSN (usbccgp) USB (04/19/2006 1.1.0.2)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows XP Service Pack 2
WinRAR
Zoto Uploader 2.5.3
some documents it creates everytime after reboot are,
D:\autorun.inf
C:\Windows\finders.com
C:\Windows\1.com
......
LonnyRJones
2006-06-21, 06:49
This is your PC not the universities correct ?
I expected to see a few chinnese SearchNet items mentioned on addremove.
I see sings of sophos, Norton and mcaffee, please uninstall all but one antivirus
ONLY after thats been taken care of continue on.
Start Hijackthis and place a check next to these items If there.
F2 - REG:system.ini: Shell=explorer.exe 1
O2 - BHO: MonitorURL Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\PROGRA~1\DESKAD~1\deskipn.dll (file missing)
O2 - BHO: Zhongsou Browser Helper - {2A0176FE-008B-4706-90F5-BBA532A49731} - C:\Program Files\SearchNet\SNHpr.dll (file missing)
O2 - BHO: IE Browser Helper - {3CE496D1-1746-41CD-9489-3C0B93DF10E2} - C:\windows\Downlo~1\IEHpr.dll (file missing)
O2 - BHO: (no name) - {3D898C55-74CC-4B7C-B5F1-45913F368388} - C:\WINDOWS\system32\IE.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [IESAddr] ; RunDll32 "C:\windows\Downlo~1\Gladiator.dll",Boot
O4 - HKLM\..\Run: [ToP] ; C:\windows\LSASS.exe
O4 - HKLM\..\Run: [TProgram] C:\windows\smss.exe
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k00719/sb02a.cab
====================================
Hit fix checked and close Hijackthis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
C:\windows\exerouter.exe
Download, install, update and run Prevx1
http://fileinfo.prevx.com/adware/QQ588e22113918-MSCO7868893/MSCONFIG.COM.html
do a full scan, reboot afterwards.
Post back with another nhijackthis log when finished
This topic is closed due to lack of a response to helper.
If you need it re-opened please send me a pm and provide a link to the thread.
Applies only to the original topic starter.